Apache HTTP Server Terminal Escape Sequence In Logs Command Injection Vulnerability
Schweregrad: : Medium
Identificador(es) CVE: : CVE-2013-1862
Data do informe: 21 julho 2015
Descrição
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1000128
Trend Micro Deep Security DPI Rule Name: 1000128 - HTTP Protocol Decoding
Software infectado e versão:
- apache http_server 2.2
- apache http_server 2.2.0
- apache http_server 2.2.1
- apache http_server 2.2.10
- apache http_server 2.2.11
- apache http_server 2.2.12
- apache http_server 2.2.13
- apache http_server 2.2.14
- apache http_server 2.2.15
- apache http_server 2.2.16
- apache http_server 2.2.17
- apache http_server 2.2.18
- apache http_server 2.2.19
- apache http_server 2.2.2
- apache http_server 2.2.20
- apache http_server 2.2.21
- apache http_server 2.2.22
- apache http_server 2.2.23
- apache http_server 2.2.24
- apache http_server 2.2.3
- apache http_server 2.2.4
- apache http_server 2.2.6
- apache http_server 2.2.8
- apache http_server 2.2.9